Merge 1fefe51e66 into 6dd3c079fe

2025-04-11 19:27:11 -04:00 · 2025-03-01 21:34:50 +00:00 · 2025-03-01 21:34:50 +00:00 · 3eb09a8ae2
commit 3eb09a8ae2
parent 6dd3c079fe 1fefe51e66
13 changed files with 166 additions and 16 deletions
--- a/base/Dockerfile
+++ b/base/Dockerfile
@ -125,6 +125,8 @@ ENV POSTGRES_PORT=5432
 ENV DEFAULT_DB=lsmb

 COPY start.sh /usr/local/bin/start.sh
+COPY config.sh /usr/local/bin/config.sh
+COPY run.sh /usr/local/bin/run.sh

 RUN chmod +x /usr/local/bin/start.sh && \
  mkdir -p /var/www && \
--- a/base/config.sh
+++ b/base/config.sh
@ -1,5 +1,7 @@
 #!/bin/bash

+set -e
+
 cd /srv/ledgersmb
 [[ -d ./local/conf/ ]] || mkdir ./local/conf/
 if [[ -n "$SSMTP_ROOT" ]]; then
@ -157,19 +159,4 @@ EOF
  fi
 fi

-# start ledgersmb
-# --preload-app allows application initialization to kill the entire
-# starman instance (instead of just the worker, which will immediately
-# get restarted) on error; it also has a positive effect on memory use
-
-LSMB_CONFIG_FILE=${LSMB_CONFIG_FILE:-./local/conf/ledgersmb.yaml}
-export LSMB_CONFIG_FILE
-echo '--------- LEDGERSMB CONFIGURATION:  ledgersmb.conf'
-cat ${LSMB_CONFIG_FILE}
-echo '--------- LEDGERSMB CONFIGURATION --- END'
-
-# ':5762:' suppresses an uninitialized variable warning in starman
-# the last colon means "don't connect using tls"; without it, there's a warning
-exec starman --listen 0.0.0.0:5762 --workers ${LSMB_WORKERS:-5} \
-             -I lib -I old/lib \
-             --preload-app bin/ledgersmb-server.psgi
+exit 0
--- a/base/docker-compose-reverseproxy.yml
+++ b/base/docker-compose-reverseproxy.yml
--- a/base/docker-compose.yml
+++ b/base/docker-compose.yml
--- a/base/nginx.conf
+++ b/base/nginx.conf
--- a/base/run.sh
+++ b/base/run.sh
@ -0,0 +1,14 @@
+#!/bin/bash
+
+cd /srv/ledgersmb
+LSMB_CONFIG_FILE=${LSMB_CONFIG_FILE:-./local/conf/ledgersmb.yaml}
+export LSMB_CONFIG_FILE
+echo '--------- LEDGERSMB CONFIGURATION:  ledgersmb.conf'
+cat ${LSMB_CONFIG_FILE}
+echo '--------- LEDGERSMB CONFIGURATION --- END'
+
+# ':5762:' suppresses an uninitialized variable warning in starman
+# the last colon means "don't connect using tls"; without it, there's a warning
+exec starman --listen 0.0.0.0:5762 --workers ${LSMB_WORKERS:-5} \
+             -I lib -I old/lib \
+             --preload-app bin/ledgersmb-server.psgi
--- a/base/start.sh
+++ b/base/start.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+home_dir="$(dirname `readlink -f $BASH_SOURCE`)"
+"$home_dir/config.sh" || (echo "Failed configuration" ; exit)
+exec "$home_dir/run.sh"
--- a/with-proxy/Dockerfile
+++ b/with-proxy/Dockerfile
@ -0,0 +1,49 @@
+FROM lsmb-split:latest
+#FROM ledgersmb/ledgersmb:1.11.18
+USER root
+
+# Remove inherited start.sh
+RUN rm -rf /usr/local/bin/start.sh
+
+# Install nginx and other dependencies
+RUN set -x && \
+    apt-get update -y && \
+    apt-get dist-upgrade -y && \
+    apt-get install -y --no-install-recommends \
+    nginx wget xz-utils
+    mkdir -p /var/lib/nginx/body /var/cache/nginx
+
+COPY nginx.conf /etc/nginx/nginx.conf
+
+# Install s6-overlay
+ARG S6_OVERLAY_VERSION=3.2.0.2
+
+RUN set -ex && \
+  ARCH="x86_64" && \
+  wget -O /tmp/s6-overlay-noarch.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz && \
+  wget -O /tmp/s6-overlay-noarch.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz.sha256 && \
+  wget -O /tmp/s6-overlay-${ARCH}.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.xz && \
+  wget -O /tmp/s6-overlay-${ARCH}.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.xz.sha256 && \
+  wget -O /tmp/s6-overlay-symlinks-noarch.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz && \
+  wget -O /tmp/s6-overlay-symlinks-noarch.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz.sha256 && \
+  cd /tmp && \
+  sha256sum -c *.sha256 && \
+  tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz && \
+  tar -C / -Jxpf /tmp/s6-overlay-${ARCH}.tar.xz && \ 
+  tar -C / -Jxpf /tmp/s6-overlay-symlinks-noarch.tar.xz
+
+# Configure nginx and starman with s6
+COPY services/starman/run /etc/services.d/starman/run
+RUN chmod +x /etc/services.d/starman/run
+
+COPY services/nginx/run /etc/services.d/nginx/run
+RUN chmod +x /etc/services.d/nginx/run
+
+COPY scripts/ledgersmb_config /etc/s6-overlay/s6-rc.d/ledgersmb_config
+RUN touch /etc/s6-overlay/s6-rc.d/user/contents.d/ledgersmb_config
+RUN chmod +x /etc/s6-overlay/s6-rc.d/ledgersmb_config/up
+
+EXPOSE 80
+
+#USER www-data
+ENTRYPOINT ["/init"]
--- a/with-proxy/nginx.conf
+++ b/with-proxy/nginx.conf
@ -0,0 +1,83 @@
+# This is a full (minimal) nginx configuration file
+
+error_log /dev/stderr info;
+pid /tmp/nginx.pid;
+worker_processes 1;
+user www-data;
+
+
+events {
+   worker_connections 1024;
+}
+
+http {
+   client_body_temp_path /tmp/client_body;
+   proxy_temp_path /tmp/proxy_temp;
+   fastcgi_temp_path /tmp/fastcgi_temp;
+   scgi_temp_path /tmp/scgi_temp;
+   uwsgi_temp_path /tmp/uwsgi_temp;
+
+   sendfile on;
+   tcp_nopush on;
+   tcp_nodelay on;
+   keepalive_timeout 65;
+   types_hash_max_size 2048;
+   include /etc/nginx/mime.types;
+   default_type application/octet-stream;
+
+   access_log /dev/stdout;
+   error_log /dev/stderr info;
+
+   gzip off;
+   gzip_static on;
+
+   server {
+      listen 80 default_server;
+      listen [::]:80 default_server ipv6only=on;
+
+      root /srv/ledgersmb/UI;
+
+      access_log /dev/stdout;
+      error_log /dev/stderr info;
+
+      # Don't log status polls
+      location /nginx_status {
+               stub_status on;
+               access_log off;
+               allow 127.0.0.1;
+               allow ::1;
+               deny all;
+      }
+
+      # Configuration files don't exist
+      location ^~ \.conf$ {
+         return 404;
+      }
+
+      # 'Hidden' files don't exist
+      location ~ /\. {
+         return 404;
+      }
+
+      location = / {
+         return 301 /login.pl;
+      }
+
+      # JS & CSS
+      location ~* \.(js|css)$ {
+         add_header Pragma "public";
+         add_header Cache-Control "public, must-revalidate, proxy-revalidate"; # Production
+         expires     7d; # Indicate that the resource can be cached for 1 week # Production
+         try_files $uri =404;
+      }
+
+      location / {
+         proxy_set_header        Host $host;
+         proxy_set_header        X-Real-IP $remote_addr;
+         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+         proxy_set_header        X-Forwarded-Proto $scheme;
+         proxy_read_timeout      300;
+         proxy_pass              http://127.0.0.1:5762;
+      }
+   }
+}
--- a/with-proxy/scripts/ledgersmb_config/type
+++ b/with-proxy/scripts/ledgersmb_config/type
@ -0,0 +1 @@
+oneshot
--- a/with-proxy/scripts/ledgersmb_config/up
+++ b/with-proxy/scripts/ledgersmb_config/up
@ -0,0 +1,3 @@
+foreground { echo "Running config..." }
+
+/usr/local/bin/config.sh
--- a/with-proxy/services/nginx/run
+++ b/with-proxy/services/nginx/run
@ -0,0 +1,3 @@
+#!/usr/bin/with-contenv /bin/bash
+
+exec nginx -g "daemon off;"
--- a/with-proxy/services/starman/run
+++ b/with-proxy/services/starman/run
@ -0,0 +1,3 @@
+#!/usr/bin/with-contenv /bin/bash
+
+s6-setuidgid www-data /usr/local/bin/run.sh